Half Of UK Businesses Have Fallen For Phishing Attacks

Almost half of all British organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to have been compromised, despite also being the most likely to conduct cyber security training for staff.

Research by security company Sophos has found that 45 percent of UK organisations were compromised by phishing attacks between 2016 and 2018, and that 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.

Phishing emails are a common attack technique deployed in hacking campaigns, with hackers attempting to lure victims into downloading malware or entering sensitive credentials into a phony version of a website, such as a bank, a retailer, or a fake login page of the target organisation's own email system.

The attacks sound simple, but they're often deployed as the first step in campaigns by groups ranging from cyber-criminal gangs looking to make money, to nation-state-backed hacking groups looking to conduct espionage or cause disruption.
Even if there hasn't been any immediate or obvious damage, there's the potential for attackers to have gained persistent access to target networks, especially if the victim hasn't done anything to counter the attack.

"It's difficult to assess how successful attacks are being exploited. It could be anything from simple credential theft to a network compromise leading to a data breach and everything in between," John Shier, senior security expert at Sophos, told ZDNet.

There's also the potential that the attackers could gain further ground if there are instances of password re-use by the victim, which is why security professionals recommend that multi-factor authentication is applied across the enterprise.

"Regardless of the end goal, it's important to understand that once a cyber-criminal has your credentials, as far as the authentication systems know, they are you. This is why two-factor authentication is a must for all your accounts," said Shier.

While cyber criminals attack organisations of all sizes, the Sophos study, undertaken by Sapio Research, suggests that it's larger organisations that are more likely to fall victim to a phishing attack: 54 percent of organisations with between 500 and 1,000 employees have fallen victim to phishing in the past two years.

That figure drops to 39 percent for firms with 250 to 500 staff, and drops again to just 14 percent for businesses with under 250 people. While smaller firms are often said to be easier targets for hackers, it's likely that cyber criminals looking for a lucrative payday will be focusing their attentions on large organisations. However, with the threat that phishing poses, it's not something that any organisation of any size can afford to ignore, and senior executives should ensure their business has processes in place to attempt to prevent it from happening, as well as providing proper channels for employees to report suspected attacks.

"The reality is that 100 percent of organisations will be faced with fending off phishing attacks and unfortunately many attacks will succeed. Knowing that you've been compromised and reacting quickly is paramount," said Shier.

"Not only should organisations urge their users to report potential phishing attacks but also encourage a safe reporting environment for when users make a mistake," he added.

ZDNet:
